SURF-IDS
    Surfilter Intrusion Detection System

    As a supplement to the firewall, the Surfilter Intrusion Detection System is a second security gate behind the firewall. It analyzes the network, provides real-time monitoring for internal attacks, external attacks and mis-operation, and provides dynamic protection, greatly improving network security. The Intrusion Detection System (IDS) can detect intrusion attacks before they harm the network and trigger an alarm. After an intrusion attack, it can provide detailed attack information for evidence and analysis.

    The Surfilter Intrusion Detection System provides dynamic defense capability and can ensure comprehensive defense of the network by effectively combining the firewall and intrusion detection system in the network deployment. The IDS mitigates any limitations in the firewall and can effectively monitor all real-time data transmission on the switch. Through protocol status checks and intelligent association analysis, it gives users professional, comprehensive intrusion detection, information display and security warnings, and provides a decision basis for improving the risk control environment of the users' network. It is an indispensable part of the entire network.

    Product Features


    Semantic-based SQL Injection Detection

    Traditional signature-based SQL injection detection has high false-positive and false-negative rates. For example, submitting SELECT in the USER field is considered an attack. Conversely, because signatures match strings mechanically, attackers can easily evade detection through encoding, function conversion or keyword cross-domain techniques.

    The Surfilter Intrusion Detection System first constructs a Virtual Execution Environment that can execute various SQL statements, then analyzes the input content semantically. No matter how complex or unusual the attack content is, the attack can be discovered as long as the content input by the user contains the attack.
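
    The contrast between keyword signatures and semantic analysis, as an added example that is not Surfilter's code or engine: a keyword signature is compared with a simplified structural check that flags input only when it changes the token structure of the query. The query template, the keyword list and the sample inputs are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Naive signature: any SQL keyword anywhere in the raw field value.
SIGNATURE = re.compile(r"\b(select|union|or|drop)\b", re.I)

# Small SQL lexer; alternatives are tried in order, so a balanced string
# literal wins over a stray quote, and a comment wins over a lone "-".
TOKEN = re.compile(r"""
    (?P<str>'(?:[^']|'')*')
  | (?P<comment>--.*|/\*.*?\*/)
  | (?P<num>\d+)
  | (?P<word>[A-Za-z_]\w*)
  | (?P<op>[^\sA-Za-z0-9_])
""", re.X | re.S)

# Assumed application query that embeds the USER field.
TEMPLATE = "SELECT id FROM users WHERE name = '{}'"

def structure(sql):
    """Token sequence with literal values abstracted to their kind."""
    return [m.group().upper() if m.lastgroup in ("word", "op") else m.lastgroup
            for m in TOKEN.finditer(sql)]

def signature_hit(value):
    return bool(SIGNATURE.search(value))

def structural_hit(value):
    decoded = unquote_plus(value)          # undo URL encoding first
    return structure(TEMPLATE.format(decoded)) != structure(TEMPLATE.format("x"))

# Constructed sample inputs for the USER field.
SAMPLES = [
    "select",                              # harmless text that is a keyword
    "x' OR '1'='1",                        # classic tautology
    "x%27%20OR%20%271%27%3D%271",          # same input, URL-encoded
]

def evaluate(samples=SAMPLES):
    return [(s, signature_hit(s), structural_hit(s)) for s in samples]

if __name__ == "__main__":
    for s, sig, struct in evaluate():
        print(f"{s!r:32} signature={sig!s:5} structural={struct}")
```

    The signature flags the harmless `select` and misses the encoded input, while the structural check passes the first and flags both forms of the second.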


    Flexible Security Policy Management

    The IDS adopts a policy-based protection method and has a variety of default security policy sets built in. Users can choose the policy that best suits their needs to achieve the best protection effect. Users can select a different event set according to different types of protection, which can improve system performance and reduce the probability of false positives.

    The IDS can flexibly select the security policy according to the security type, protocol type, system, level, event source and other aspects. At the same time, it can be customized to provide different protection levels for different security policies based on various scenarios.


    User Identification

    The IDS provides user identification functions, bringing the next-generation firewall concept of user identification into the IDS. With the continuous development of networks and the rise of BYOD, IP-based management can no longer fully meet network management needs. User-based identification connects the IP with real people to achieve effective identification and identity control. The system provides a variety of user identification means to enable administrators to better discover threats and attacks.


    More Sophisticated Application Layer Security Control

    Application-based identification technology is the foundation of various kinds of application layer security protection. At present, various new applications are emerging, such as QQ, MSN, file sharing, web services, P2P download, etc. These applications are bound to bring new and more complex security risks. These risks are inseparable from the application itself, and they cannot be defended against unless they are analyzed in combination with the application.

    The IDS uses Traffic Detection Technology to comprehensively analyze all kinds of applications. It builds an identification framework for application protocols and accurately identifies most mainstream application protocols. Based on application identification, it can achieve fine-grained management of applications and provides good detection and defense capabilities against application security vulnerabilities and the attacks that exploit them.